package com.youngjun.common.security.service;


import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.List;

public interface PkiService {


    /**
     * Generates a key pair.
     *
     * <p>If this KeyPairGenerator has not been initialized explicitly,
     * provider-specific defaults will be used for the size and other
     * (algorithm-specific) values of the generated keys.
     *
     * <p>This will generate a new key pair every time it is called.
     * @return the generated key pair
     */
    KeyPair generateKeyPair();

    /**
     * 获取根证书
     * @return
     */
    X509Certificate getRootCertificate();

    /**
     * 获取电梯平台根证书
     * @return
     */
    X509Certificate getAgentCertificate();

    /**
     * 获取电梯平台根证书对应的私钥
     * @return
     */
    PrivateKey getRootPrivateKey();

    /**
     * 获取证书吊销列表
     * @return
     */
    X509CRL getX509CRL();

    /**
     * 验证证书有效性：
     * 1、是否过期
     * 2、是否是本系统根证书签发
     * 3、是否被吊销
     * @param certificate
     * @return
     */
    void verfyCert(X509Certificate certificate);

    /**
     * 根据agentject以及Keypair生成证书申请
     * @param x500Name
     * @param keyPair
     * @return
     * @throws OperatorCreationException
     */
    PKCS10CertificationRequest createCSR(X500Name x500Name, KeyPair keyPair) throws OperatorCreationException;

    /**
     * 使用根证书签发证书申请
     * @param csr
     * @return
     * @throws IOException
     * @throws NoSuchAlgorithmException
     * @throws OperatorCreationException
     * @throws CertificateException
     * @throws InvalidKeyException
     * @throws NoSuchProviderException
     * @throws SignatureException
     */
    X509Certificate signCert(PKCS10CertificationRequest csr) throws IOException, NoSuchAlgorithmException, OperatorCreationException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException;

    void addX509CRL(String certificate);

}
